Skip to main content

This version of GitHub Enterprise will be discontinued on 2022-09-28. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Understanding your software supply chain

  • About supply chain security

    GitHub Enterprise Server helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies.

  • About the dependency graph

    You can use the dependency graph to identify all your project's dependencies. The dependency graph supports a range of popular package ecosystems.

  • Configuring the dependency graph

    You can allow users to identify their projects' dependencies by enabling the dependency graph.

  • About dependency review

    Dependency review lets you catch insecure dependencies before you introduce them to your environment, and provides information on license, dependents, and age of dependencies.

  • Configuring dependency review

    You can use dependency review to catch vulnerabilities before they are added to your project.

  • Exploring the dependencies of a repository

    You can use the dependency graph to see the packages your project depends on. In addition, you can see any vulnerabilities detected in its dependencies.

  • Troubleshooting the dependency graph

    If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.